Configure IBM Db2 initially and request a client certificate

now that you have configured the ca and kmip tls server certificates, you must use ibm db2 to request a client certificate attempting to import an existing client certificate that you did not generate by using a csr from ibm db2 results in an error create a csr perform the following steps to create the local keystore and request a csr for the client certificate on the server where you installed ibm db2, create a working directory for your certificates in the c drive (for example, c \certs ) copy your root ca certificate into the folder open a command line and run the following command to create the local key store "c \program files\ibm\gsk8\bin\gsk8capicmd 64" keydb create db c \certs\clientkeydb p12 pw safest type pkcs12 stash modify the command with your working folder directory, desired key store file name, and key store password next, run the following command to import the root ca certificate into the local keystore "c \program files\ibm\gsk8\bin\gsk8capicmd 64" cert add db c \certs\clientkeydb p12 stashed label root file c \certs\root pem after you have imported the root ca certificate into the local keystore, run the following command to generate the csr for the ibm db2 client certificate "c \program files\ibm\gsk8\bin\gsk8capicmd 64" certreq create db c \certs\clientkeydb p12 stashed label ibmdb2 dn "cn=ibmdb2" target c \certs\clientcert csr size 2048 sigalg sha256 for future configuration, make note of the label and common name of the client certificate the name of the identity you create on the {{k}} must match the common name of the client certificate after generating the csr for the ibm db2 client certificate, use the configured storage medium to copy it to the {{k3}} sign the csr perform the following steps to sign the ibm db2 client certificate csr log in to the {{k3}} by using the default admin identities go to pki > certificate authorities and right click the root ca certificate you created for this integration then, select add certificate > from request browse for the client csr and select it certificate details populate in the import certificate window on the subject dn and basic info tabs, leave all settings set to the default values on the v3 extensions tab, set the profile to tls client certificate and select \[ ok ] the ibm db2 client certificate now displays in the certificate tree export the client certificate perform the following steps to export the signed ibm db2 client certificate right click the signed ibm db2 client certificate and select export > certificate(s) on the export certificate window, change the encoding to pem , specify a name for the file, and select \[ browse ] browse to a location to save the certificate and select \[ open ] select \[ ok ] a message states that the file was successfully saved to the specified location copy the client certificate to the working folder on the ibm db2 server